If you submitted a custom Certificate Signing Request (CSR) when generating your DigiCert S/MIME certificate, the certificate you download from DigiCert's collection email will not contain the required private key file. In order to use your S/MIME certificate, you must combine the certificate with its matching private key and create a PKCS#12 file.

DigiCert's collection website allows you to download either a PKCS#7 file (.p7b) which is your S/MIME certificate and DigiCert's intermediate certificates combined in a single file. We recommend downloading this version of the file.

You may also download a zipped folder of your S/MIME certificate and the intermediate certificates saved separately. 

Convert Certificate to PKCS#12

There are a few tools you can use to convert your certificate to the correct file type. The process involves combining the certificate, intermediate certificates, and private key into a single PFX format file. 

OpenSSL Conversion

If you are familiar with the OpenSSL library, you can run a few commands to convert your S/MIME certificate. Please make sure the file names match with the command input. 

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

SSLShopper Certificate Converter Tool

SSLShopper has a special tool for converting and combining certificates. Click here to access the tool: SSLShopper Certificate Converter

You will need:

  • Your S/MIME certificate .p7b file
  • Your certificate's matching private key - saved as .key file

On SSLShopper's tool, you will find these options:

  1. Certificate File to Convert - click Choose File to upload your S/MIME .p7b file. 
  2. Type of Current Certificate - this should automatically detect P7B/PKCS#7 
  3. Type to Convert To - select PFX/PKCS#12
  4. Once additional file options appear, upload your Private Key (.key format) in the required field.
  5. Because you are uploading a .p7b file, you do not need to include any additional chain certificates.
  6. PFX Password - type in a new password for your certificate file.
  7. Click Convert Certificate.
  8. You should be prompted to save your new PFX type certificate file on your PC. 

You can proceed to install the S/MIME PFX file on the user's PC for use in email signing and encryption.